| Message ID | 20220706184008.1649478-19-eperezma@redhat.com |
|---|---|
| State | New |
| Headers | show |
| Series | Net Control VQ support in SVQ | expand |
在 2022/7/7 02:40, Eugenio Pérez 写道: > Shadow CVQ will copy buffers on qemu VA, so we avoid TOCTOU attacks that > can set a different state in qemu device model and vdpa device. > > Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Jason Wang <jasowang@redhat.com> > --- > include/hw/virtio/vhost-vdpa.h | 4 ++++ > hw/virtio/vhost-vdpa.c | 7 +++---- > 2 files changed, 7 insertions(+), 4 deletions(-) > > diff --git a/include/hw/virtio/vhost-vdpa.h b/include/hw/virtio/vhost-vdpa.h > index a29dbb3f53..7214eb47dc 100644 > --- a/include/hw/virtio/vhost-vdpa.h > +++ b/include/hw/virtio/vhost-vdpa.h > @@ -39,4 +39,8 @@ typedef struct vhost_vdpa { > VhostVDPAHostNotifier notifier[VIRTIO_QUEUE_MAX]; > } VhostVDPA; > > +int vhost_vdpa_dma_map(struct vhost_vdpa *v, hwaddr iova, hwaddr size, > + void *vaddr, bool readonly); > +int vhost_vdpa_dma_unmap(struct vhost_vdpa *v, hwaddr iova, hwaddr size); > + > #endif > diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c > index 69cfaf05d6..613c3483b0 100644 > --- a/hw/virtio/vhost-vdpa.c > +++ b/hw/virtio/vhost-vdpa.c > @@ -71,8 +71,8 @@ static bool vhost_vdpa_listener_skipped_section(MemoryRegionSection *section, > return false; > } > > -static int vhost_vdpa_dma_map(struct vhost_vdpa *v, hwaddr iova, hwaddr size, > - void *vaddr, bool readonly) > +int vhost_vdpa_dma_map(struct vhost_vdpa *v, hwaddr iova, hwaddr size, > + void *vaddr, bool readonly) > { > struct vhost_msg_v2 msg = {}; > int fd = v->device_fd; > @@ -97,8 +97,7 @@ static int vhost_vdpa_dma_map(struct vhost_vdpa *v, hwaddr iova, hwaddr size, > return ret; > } > > -static int vhost_vdpa_dma_unmap(struct vhost_vdpa *v, hwaddr iova, > - hwaddr size) > +int vhost_vdpa_dma_unmap(struct vhost_vdpa *v, hwaddr iova, hwaddr size) > { > struct vhost_msg_v2 msg = {}; > int fd = v->device_fd;
diff --git a/include/hw/virtio/vhost-vdpa.h b/include/hw/virtio/vhost-vdpa.h index a29dbb3f53..7214eb47dc 100644 --- a/include/hw/virtio/vhost-vdpa.h +++ b/include/hw/virtio/vhost-vdpa.h @@ -39,4 +39,8 @@ typedef struct vhost_vdpa { VhostVDPAHostNotifier notifier[VIRTIO_QUEUE_MAX]; } VhostVDPA; +int vhost_vdpa_dma_map(struct vhost_vdpa *v, hwaddr iova, hwaddr size, + void *vaddr, bool readonly); +int vhost_vdpa_dma_unmap(struct vhost_vdpa *v, hwaddr iova, hwaddr size); + #endif diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c index 69cfaf05d6..613c3483b0 100644 --- a/hw/virtio/vhost-vdpa.c +++ b/hw/virtio/vhost-vdpa.c @@ -71,8 +71,8 @@ static bool vhost_vdpa_listener_skipped_section(MemoryRegionSection *section, return false; } -static int vhost_vdpa_dma_map(struct vhost_vdpa *v, hwaddr iova, hwaddr size, - void *vaddr, bool readonly) +int vhost_vdpa_dma_map(struct vhost_vdpa *v, hwaddr iova, hwaddr size, + void *vaddr, bool readonly) { struct vhost_msg_v2 msg = {}; int fd = v->device_fd; @@ -97,8 +97,7 @@ static int vhost_vdpa_dma_map(struct vhost_vdpa *v, hwaddr iova, hwaddr size, return ret; } -static int vhost_vdpa_dma_unmap(struct vhost_vdpa *v, hwaddr iova, - hwaddr size) +int vhost_vdpa_dma_unmap(struct vhost_vdpa *v, hwaddr iova, hwaddr size) { struct vhost_msg_v2 msg = {}; int fd = v->device_fd;
Shadow CVQ will copy buffers on qemu VA, so we avoid TOCTOU attacks that can set a different state in qemu device model and vdpa device. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> --- include/hw/virtio/vhost-vdpa.h | 4 ++++ hw/virtio/vhost-vdpa.c | 7 +++---- 2 files changed, 7 insertions(+), 4 deletions(-)